DETAILED ACTION

1. Presently, pending claims are 1, 4, 6-12, 15, 23 and 26.

Response to Argument 

2. Examiner notes a PROSECUTION IS HEREBY REOPENED due to a new ground of 35 
U.S.C. 101 rejections for claim 23. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claim 23 is rejected under 35 U.S.C. 101 because the claim is directed to software per 
se which is a non-statutory subject matter. Examiner notes for an apparatus claim, wherein at
least one recited element must be hardware; however, all of the three elements such as a key 
table, a transform logic and forwarding logic, as recited in the claim, would have been 
reasonably interpreted in light of the disclosure by one of ordinary skill as including software 
alone - i.e. it may be intended to claim merely as a software module component / element as 
being not limited to any hardware element that indicates, in addition, although various 
components were shown as functional blocks, it is understood that these functions may be 
implemented in hardware, software, or any combination thereof, and no particular delineation of 
functionality is part of the invention (SPEC: Page 22 Line 22 - 24).

Double Patenting

The nonstatutory provisional double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent and to 
prevent possible harassment by multiple assignees. See In re Goodman, 11 F.3d 1046, 29
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In 
re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 
USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1.130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 
CFR 3.73(b). 

4. Claims 1, 4, 6-12, 15, 23 and 26 are rejected under the judicially created doctrine of
obviousness-type provisional double patenting as being unpatentable over claims 1, 6-9 and
11 of copending application 10/661,903. Although the conflicting claims are not identical, they
are not patentably distinct from each other because claims 1, 4 and 11 of the instant application
are envisioned by the claims of the copending application that contain all the limitations of
claims of the instant application and as such claims of the instant application are not patently
distinct from the earlier copending application claim and as such are unpatentable for
obvious-type provisional double patenting.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 
A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 1, 4, 6, 8, 9, 11, 12, 23 and 26 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Liu (U.S. Patent 2002/0154635), which incorporates the reference of
Caronni et al. (U.S. Patent 6,970,941) as shown in (Liu: Para [0002]) in view of Shimbo et al.
(U.S. Patent 6,185,680).

As per claim 1 and 12, Liu / Caronni teaches a method of securing packet data 
transferred between a first and second member of a private network over a backbone, the 
backbone operating according to a routing protocol (Caronni : Column 2 Line 14-35 and 
Column 4 Line 38 - 52), the method comprising the steps of: 

receiving a packet from any one of a plurality of members of a private network, the 
packet including a private network address comprising a source address and a destination 
address, the packet further including a payload (Caronni : Column 11 Line 37-61 & Liu: Para
[0025]: enabling communications between a first private network and a second private network 
configured from nodes in a public backbone network ): 

apportioning the packet into a first portion and a second portion, wherein the first portion 
includes fields of the packet used for transmission of the packet according to the protocol of the 
backbone including the private network address and the second portion includes payload
(Caronni : Figure 2B & Column 12 Line 11 - 19: the first portion is the SRC/DST real address
according the protocol of the backbone & Liu: Para [0025]). 

Liu / Caronni does not disclose expressly appending a gateway source address with the 
source address of the packet to the second portion to generate a group header. 

Shimbo teaches appending a gateway source address with the source address of the 
packet to the second portion to generate a group header (Shimbo: Column 26 Line 28 - 36 & 
Caronni : Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6 and Column 12 Line 11 -
19, Column 6 Line 8-10 Figure 2B : (a) Shimbo teaches appending a gateway source address 
with the source address of the packet to the second portion (Shimbo: Column 26 Line 28 - 36 & 
Caronni : Figure 2B & Column 12 Line 11 - 19) and (b) Caronni teaches a Supernet is indeed a 
private network that has its own internal addressing scheme (Caronni: Column 6 Line 8-10) 
and a Supernet ID is included in the packet transformation qualified as a Group ID (Caronni: 
Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu because (a) 
Liu teaches a mechanism to extend private networks onto a public infrastructure (Liu: Para 
[0015] and [0018]) / Caronni teaches modifying an IP packet format so that any type of delivery
scheme may be assigned to any address or group of addresses (Caronni: Column 3 Line 19 -
25) and (b) Shimbo teaches providing an efficient, flexible and secured method to protect the
data communication in any type of networks such as hierarchically organized or mobile computing
environment by using a security gateway (Shimbo: Column 3 Line 39 - 50). 

transforming the second portion of the packet according to a group security association 
associated with the private network to provide a transformed portion which includes a 
transformed group header (Caronni : Column 7 Line 5 - 33, Column 3 Line 17-21 and Column
11 Line 37 - 43: the mappings of the internal / private address, known as node ID, which is
considered as a part of the group security association and the Supernet contains a modification 
to the IP packet format that can be used to separate network behavior from addressing and 
besides, the security association (SA) is related to Authentication Header (AH)); 

appending the first portion of the packet to the transformed portion to provide a 
transformed packet (Caronni : Figure 2B & Column 12 Line 11 - 19: the first portion is the 
SRC/DST real addresses according the protocol of the backbone is appended to the second 
portion of SRC/DST virtual addresses); and 

transmitting the transformed packet to the backbone using the private network address 
(Caronni : Column 3 Line 17 - 23). 

As per claim 23, Liu / Caronni teaches an apparatus at a node for transforming packets 
for forwarding between a plurality of members of a group communicating on a scalable private 
network over a backbone, each of the plurality of group members communicating with the 
backbone via respective gateways; wherein the backbone operates according to a protocol 
(Caronni : Column 2 Line 14-35 and Column 4 Line 38 - 52), the apparatus comprising: 

a key table, the key table including a security association for each group that the node is 
a member (Caronni : Column 7 Line 5 - 33 : VARPDB stores the mappings of the internal / 
private address, known as node ID, which is considered as a part of key table); 

transform logic operable to apply a security association to only a portion of each packet 
transmitted over the private network associated with each group to ensure that a remaining 
portion of the packet enabling communication over the backbone according to the protocol is 
preserved (Caronni : Figure 2B & Column 12 Line 11 - 19, Column 7 Line 5 - 33, Column 3 
Line 17-21 and Column 11 Line 37 - 43: only Supernet virtual address contains a modification



Application/Control Number: 10/661,657 Page 7 

Art Unit: 2131 

to the IP packet format that can be used to separate network behavior for forwarding 
communication between members of the group using a private network address associated
with the group and the portion of SRC/DST real address according the protocol of the backbone 
is preserved); and 

forwarding logic for forwarding communication between members of the group using a
private network address associated with the group (Caronni : Column 3 Line 17 - 23).

transform logic comprising means for modifying packets received from a source member 
of the group for transfer on a private network over the backbone by: extracting a private network 
address header from a received packet, the private network address header including a source 
and destination address (Caronni: Column 6 Line 8 - 10, Column 7 Line 7-13 and Column 9 
Line 1 - 5 & Figure 6: a Supernet is indeed a private network that has its own internal 
addressing scheme for transfer on a private network over the backbone). 

However, Liu / Caronni does not disclose expressly appending to the received packet, a 
group header including a group identifier associated with the private network and a gateway 
address associated with a source member; applying a security association to the received 
packet including the group header to provide a modified packet; appending the private network 
address header to the modified packet to provide a transformed packet, where only information 
in the transformed packet that enables communication over the backbone is unsecured. 

Shimbo (& Caronni) teaches appending to the received packet, a group header including 
a group identifier associated with the private network and a gateway address associated with a 
source member; applying a security association to the received packet including the group 
header to provide a modified packet; appending the private network address header to the 
modified packet to provide a transformed packet, where only information in the transformed 
packet that enables communication over the backbone is unsecured (Shimbo: Column 26 Line
28 - 36 & Caronni : Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6 and Column 12
Line 11 - 19, Column 6 Line 8-10 Figure 2B : (a) Shimbo teaches appending a gateway 
source address with the source address of the packet to the second portion (Shimbo: Column 
26 Line 28 - 36 & Caronni : Figure 2B & Column 12 Line 11 - 19) and (b) Caronni teaches a
Supernet is indeed a private network that has its own internal addressing scheme (Caronni: 
Column 6 Line 8-10) and a Supernet ID is included in the packet transformation qualified as a 
Group ID (Caronni: Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6) and (c) ESP, as
per IPSec protocol feature, can be used to provide confidentiality, authentication and integrity 
and besides, the key information included in the packet header can be used to secure 
information between peer-to-peer (using the same key) to protect private network addressing 
information except the backbone public network address that uses an open network addressing 
scheme (i.e. not secured) (Caronni: Figure 6 and Column 9 Line 1 - 39). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu because (a) 
Liu teaches a mechanism to extend private networks onto a public infrastructure (Liu: Para 
[0015] and [0018]) / Caronni teaches modifying an IP packet format so that any type of delivery
scheme may be assigned to any address or group of addresses (Caronni: Column 3 Line 19 -
25) and (b) Shimbo teaches providing an efficient, flexible and secured method to protect the
data communication in any type of networks such as hierarchically organized or mobile computing
environment by using a security gateway (Shimbo: Column 3 Line 39 - 50). 

As per claim 4 and 26, Liu / Caronni as modified teaches the step of transforming is 
performed at the first member of the private network (Caronni : Column 2 Line 27 - 32: terminal 
computer device D^. 

As per claim 6, Liu / Caronni as modified teaches the first portion of the packet
comprises a first header, the first header having a type, source and destination, and wherein the
group header comprises a group type, the gateway source address, group address and wherein
the step of generating a group header includes the step of copying the type of the first header to
the group type (Shimbo: Column 9 Line 15-39, Column 26 Line 28 - 36 & Caronni : Figure 2B
& Column 12 Line 11-19, Column 3 Line 21 - 23 and Column 5 Line 20 - 23: the next header
field identifies the type of header immediately following the current header and thus it can
be obtained by copying the header type from the previous "next header field").

As per claim 8, Liu / Caronni as modified teaches the group security association is an 
Internet Protocol Security transform (Caronni : Column 9 Line 28: IPSec). 

As per claim 9, Liu / Caronni as modified teaches the group security association is an 
Encapsulated Security Protocol (Caronni : Column 9 Line 28: ESP protocol).

As per claim 11, Liu / Caronni as modified teaches receiving, at each member of the 
private network, a key corresponding to the private network group security association (Caronni 
: Column 10 Line 26 - 29: KMS = Key Management Server). 

6. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. Patent 
2002/0154635), in view of Shimbo et al. (U.S. Patent 6,185,680), and in view of Alkhatib et al. 
(U.S. Patent 2003/0233454).

As per claim 15, Liu as modified does not disclose expressly transforming is performed
at a gateway device disposed between one of the at least two members of the virtual private 
network and the communication link. 

Alkhatib teaches transforming is performed at a gateway device disposed between one 
of the at least two members of the virtual private network and the communication link (Alkhatib : 
Para [0049] Line 14-17 and Para [0017] Line 1 - 8: (a) an edge device is disposed between the
first member of the private network and the backbone, and wherein the step of transforming is 
performed at the edge device and (b) a gateway, that changes and encapsulates the destination 
address, can be considered as an edge device, which also appears in the specification of the 
instant application (SPEC: Page 3 Line 14: Customer Edge device may also be referred to as 
a gateway device)).

It would have been obvious to a person of ordinary skill in the art at the time the invention 
was made to combine the teaching of Alkhatib within the system of Liu because (a) Liu 
teaches a mechanism to extend private networks onto a public infrastructure (Liu: Para 
[0015] and [0018]) and (b) Alkhatib teaches providing a method to create a binding between 
public address and private address when communicating over a private network (Alkhatib : 
Para [0019]). 

7. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. Patent
2002/0154635), which incorporates the reference of Caronni
et al. (U.S. Patent 6,970,941) as shown in (Liu: Para [0002]) in view of Shimbo et al. (U.S.
Patent 6,185,680).

As per claim 7, Liu as modified discloses the first header further includes a length, the
group header further includes a group length, and wherein the method includes the steps of 
copying the length to the group length (Caronni : Column 7 Line 15 - 16 : Examiner notes any of 
the standard protocol format obviously conforms to standard T / L / V fields (Type, Length, and 
Value) as a complete layout of a protocol specification). 

8. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. Patent 
2002/0154635), in view of Shimbo et al. (U.S. Patent 6,185,680), and in view of Boden et al. 
(U.S. Patent 6,330,562). 

As per claim 10, Liu as modified does not disclose expressly the group security association 
is an Internet Key Encryption. 

Boden teaches the group security association is an Internet Key Encryption (Column 2 
Line 4-5: IKE scheme). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Boden within the system of Liu because (a) Liu 
teaches a mechanism to extend private networks onto a public infrastructure over a VPN 
(Virtual Private Network) (Liu: Para [0015] and [0018]) and (b) Boden teaches providing a data 
model for abstracting customer-defined VPN security policy information to dynamically 
negotiate, create, delete, and maintain secure connections at the IP level with other VPN nodes 
(Boden : Abstract). 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 9:00am-5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Longbit Chai/ 
Longbit Chai Ph.D. 
Primary Examiner, Art Unit 2131 
5/16/2008 



